Use of sizeof() on a pointer type

From OWASP

Jump to: navigation, search

Overview

Running sizeof() on a malloced pointer type will always return the wordsize/8.

Consequences

Authorization: This error can often cause one to allocate a buffer much smaller than what is needed and therefore other problems like a buffer overflow can be caused.

Exposure period

Implementation: This is entirely an implementation flaw.

Platform

Languages: C or C++

Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

Avoidance and mitigation

Implementation: Unless one is trying to leverage running sizeof() on a pointer type to gain some platform independence or if one is mallocing a variable on the stack, this should not be done.

Discussion

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)

Examples

In C/C++:

#include <stdiob.h>

int main(){
  void *foo;
  printf("%d\n",sizeof(foo)); //this will return wordsize/4
  return 0;
}

Related problems

Not available.

Retrieved from "http://www.owasp.org/index.php/Use_of_sizeof%28%29_on_a_pointer_type"

Categories: OWASP Honeycomb Project | Vulnerability | General Logic Error Vulnerability | OWASP CLASP Project | Implementation

Views

Personal tools

Log in / create account

Reference

search

Toolbox